gandcrab | 7d9c2ee2290f0308ddbd4c890bb5bc5f428d11a164aff9ba78b8386a430084f7 | Triage

Sharing

General

Target

4a80ae15149b6fc5f8b3611a40de205e_gandcrab_JC.exe
Size

70KB
Sample

230803-te7k5afc8y
MD5

4a80ae15149b6fc5f8b3611a40de205e
SHA1

60f6326acb7e1900bc10049c978fe8b73c7b6acc
SHA256

7d9c2ee2290f0308ddbd4c890bb5bc5f428d11a164aff9ba78b8386a430084f7
SHA512

b03cd6affedc44f26635d375f349b35c0bd9901d6177581a51b69fb823f6f2cd38a15006b78f074881caa3028bddef393d13be9f34c628a2a22873ad74d8a1e4
SSDEEP

1536:PZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:md5BJHMqqDL2/Ovvdr

Score

10^/10

gandcrab persistence

Malware Config

Targets

- Target
  
  4a80ae15149b6fc5f8b3611a40de205e_gandcrab_JC.exe
- Size
  
  70KB
- MD5
  
  4a80ae15149b6fc5f8b3611a40de205e
- SHA1
  
  60f6326acb7e1900bc10049c978fe8b73c7b6acc
- SHA256
  
  7d9c2ee2290f0308ddbd4c890bb5bc5f428d11a164aff9ba78b8386a430084f7
- SHA512
  
  b03cd6affedc44f26635d375f349b35c0bd9901d6177581a51b69fb823f6f2cd38a15006b78f074881caa3028bddef393d13be9f34c628a2a22873ad74d8a1e4
- SSDEEP
  
  1536:PZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:md5BJHMqqDL2/Ovvdr
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2